[jira] [Updated] (KNOX-2614) Upgrade jackson-databind to 2.10.5 due to CVE-2020-25649

Akshay Kotecha Jain (Jira) Tue, 01 Jun 2021 10:46:04 -0700


     [ 
https://issues.apache.org/jira/browse/KNOX-2614?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Akshay Kotecha Jain updated KNOX-2614:
--------------------------------------
    Summary: Upgrade jackson-databind to 2.10.5 due to CVE-2020-25649  (was: 
Upgrade Jackson due to CVE-2020-25649)

> Upgrade jackson-databind to 2.10.5 due to CVE-2020-25649
> --------------------------------------------------------
>
>                 Key: KNOX-2614
>                 URL: https://issues.apache.org/jira/browse/KNOX-2614
>             Project: Apache Knox
>          Issue Type: Improvement
>            Reporter: Akshay Kotecha Jain
>            Priority: Major
>
> A flaw was found in FasterXML Jackson Databind, where it did not have entity 
> expansion secured properly. This flaw allows vulnerability to XML external 
> entity (XXE) attacks. The highest threat from this vulnerability is data 
> integrity.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Updated] (KNOX-2614) Upgrade jackson-databind to 2.10.5 due to CVE-2020-25649

Reply via email to